Showing results for tags 'encrypt'.



Found 10 results

  1. Hi, I set up an internal ESET server. My server can give updates for versions 4, 5, 6, 7, 8, 9, 10 and 11.1.42.0 (Antivirus, Smart Security, Internet Security, Smart Security Premium). After 11.1.42.0, ESET changed the activation method and put the activation of all sections (computer protection, internet protection, network protection, security tools) in the license.lf file in path: C:\ProgramData\ESET\ESET Security\License. Now, in the new versions (11.1.54.0 and 11.2.49.0), I'm somewhat successful in activating. Now the ESET color is green, but I want to activate all sections (computer protection, internet protection, network protection, security tools). To do this I must make changes to the license.lf file. I know a part of the file is encrypted, and when I make the slightest change in the file, license.lf breaks! Now I need help to decrypt the license.lf file to change the expire time without breaking the file! What do you think of this? I put the license.lf file in the attachment to view and test. Site: https://www.upload.ee Sharecode: /files/8748211/license.zip.html
  2. Let's Encrypt – a SSL/TLS certificate authority run by the non-profit Internet Security Research Group (ISRG) to programmatically provide websites with free certs for their HTTPS websites – on Thursday said it is discontinuing TLS-SNI validation because it's insecure in the context of many shared hosting providers. TLS-SNI is one of three ways Let's Encrypt's Automatic Certificate Management Environment protocol validates requests for TLS certificates, which enable secure connections when browsing the web, along with the confidence-inspiring display of a lock icon. The other two validation methods, HTTP-01 and DNS-01, are not implicated in this issue.
     The problem is that TLS-SNI-01 and its planned successor TLS-SNI-02 can be abused under specific circumstances to allow an attacker to obtain HTTPS certificates for websites that he or she does not own. Such a person could, for example, find an orphaned domain name pointed at a hosting service, and use the domain – with an unauthorized certificate to make fake pages appear more credible – without actually owning the domain.
     For example, a company might have investors.techcorp.com set up and pointed at a cloud-based web host to serve content, but not investor.techcorp.com. An attacker could potentially create an account on said cloud provider, and add a HTTPS server for investor.techcorp.com to that account, allowing the miscreant to masquerade as that business – and with a Let's Encrypt HTTPS cert, too, via TLS-SNI-01, to make it look totally legit. It sounds bonkers but we're told some cloud providers allow this to happen. And that's why Let's Encrypt ditched its TLS-SNI-01 validation processor.
     Ownership
     It turns out that many hosting providers do not validate domain ownership. When such providers also host multiple users on the same IP address, as happens on AWS CloudFront and on Heroku, it becomes possible to obtain a Let's Encrypt certificate for someone else's website via the TLS-SNI-01 mechanism.
     On Tuesday, Frans Rosén, a security researcher for Detectify, identified and reported the issue to Let's Encrypt, and the organization suspended certificate issuance using TLS-SNI-01 validation, pending resolution of the problem. In his account of his proof-of-concept exploit, Rosén recommended three mitigations: disabling TLS-SNI-01; blacklisting .acme.invalid in certificate challenges, which is required to get a cert via TLS-SNI-01; and looking to other forms of validation because TLS-SNI-01 and 02 are broken given current cloud infrastructure practices.
     AWS CloudFront and Heroku have since tweaked their operations based on Rosén's recommendation, but the problem extends to other hosting providers that serve multiple users from a single IP address without domain ownership validation.
     Late Thursday, after temporarily reenabling the validation method for certain large hosting providers that aren't vulnerable, Let's Encrypt decided it would permanently disable TLS-SNI-01 and TLS-SNI-02 for new accounts. Those who previously validated using TLS-SNI-01 will be allowed to renew using the same mechanism for a limited time.
     "We have arrived at the conclusion that we cannot generally re-enable TLS-SNI validation," said ISRG executive director Josh Aas in a forum post. "There are simply too many vulnerable shared hosting and infrastructure services that violate the assumptions behind TLS-SNI validation."
     Aas stressed that Let's Encrypt will discontinue using the TLS-SNI-01 and TLS-SNI-02 validation methods
     Article
  3. NoFile.io is a large file sharing website that encrypts files in the browser before upload. Using this website, you can easily upload and share large files of up to 10GB per file. This large file sharing website will first encrypt that file in your browser, and will then transfer it to its servers over HTTPS, so that it is safely transferred to its servers. It also gives you an option to password protect the sharing URL. The best part is that you do not even need to register with this service. The files that you share are stored on this service for a long time. Its documentation mentions that there is an option to set expiry time for each file, though I wasn’t able to find that option.
     How to Encrypt Files in the Browser Before Upload Using This Large File Sharing Website:
     There is no dearth of large file sharing services. We have already covered services like Sharechat, Filemoves.com, Bitzen that provide pretty good options to share large files. What I like in NoFile.io is its inherent focus on security. You can choose to encrypt the files before they are even uploaded, so that the file cannot be compromised even when it is on NoFile.io’s server. Also, all the file transfers happen over HTTPS. And finally, you can choose to password protect the URL as well, so that in case the file sharing URL is accidentally shared with someone, then he / she cannot download the file, unless they have the password. So, there are a lot of security steps built-in.
     Also, the service provides almost anonymous file sharing, as it does not ask you to register for the service. In fact, it does not even have any option of registration! So, you can share the file without bothering to share your personal details. However, I used the word “almost” anonymous, as I am not sure if it saves any records (like, IP details etc.) when you upload a file. And I wasn’t able to find any info regarding that in its FAQ as well. So, if you want to share something that is not too sensitive, then you can go ahead and use this service.
     Now, coming to using this service itself, it is pretty easy. When you go to the upload page of this service, you will see a big upload box. Just drag and drop any file from your PC on it, and the file will immediately start uploading. Once the upload is complete, it will give a share URL for the file. That is pretty much how you can upload and share files using this large file sharing service.
     Now, by default, it does not encrypt files while uploading (as that slows the upload speed). In case you want to encrypt a file, then click on the Settings icon and choose the Encrypt option. In case you do upload files with the Encryption option, then the sharing URL that it generates will have the encryption key added in the URL itself. This will ensure that when you share that URL with anyone, they don’t have to know the encryption key separately. Also, as soon as they click on the download button, the file will start downloading, and while downloading, it will also be decrypted in the browser. Do note that it uses JavaScript based encryption / decryption in the browser, so this feature works on modern browsers only.
     As I mentioned above, you can also choose to password protect the sharing URL. You will see the option to password protect the URL once the file has finished uploading and the sharing URL is generated.
     Other features of this Encrypted File Upload and Sharing Service:
       • File Preview Option: This service lets you preview the files before downloading them. This feature works for image files, audio files, as well as video files. Do note that this feature also relies on the browser’s capability to display / play such files. Also, the preview feature didn’t work for me when the files were encrypted.
       • See Upload History in Browser: This large file sharing service does not have any registration option, but it saves your upload history in your browser’s cache. So, whenever you go to the homepage of this website, you can see the list of all the files that you have uploaded, and get their sharing URLs. Of course, this information remains only as long as you don’t delete the browser cache.
     Limitations of NoFile.io:
       • No Option to Delete File: I find this a big limitation of NoFile.io. Once you have uploaded a file, it does not give you an option to delete it. There is a Remove Icon, but that actually does not delete the file. I believe it is meant to only remove the file history from your browser’s cache, but in my case, it didn’t delete that as well. I would have really loved to see some sort of delete URL being generated, in addition to the share URL, that could be used to delete the file at any time.
       • File Expiry Option Missing: The documentation of this file sharing service mentions that there is an “Options” button using which the expiration date for a file could be set. But I wasn’t able to see that option anywhere.
       • No Real-Time File Transfer: One of the things I really like in some modern file sharing services (like, JustBeamIt and Snapdrop) is that as soon as you start uploading a file, it can be downloaded by anyone. In that case, it is not required to wait for the entire file to be uploaded before it can be downloaded. This is especially useful in case of large files. However, this service does not have that option.
       • No clarity on Anonymity: As I mentioned above, this large file sharing service places a lot of emphasis on security, but it is not very clear on the anonymity front. I am really not sure how well it covers your tracks when you use this file sharing service.
     Closing Words:
     I like the NoFile.io large file sharing website, as it places good emphasis on security, as well as uses modern technologies. Also, it provides a decent upload size (10 GB per file, with no limit on the number of files that you can upload). However, the limitations that I mentioned above hold me back from completely switching to this service. Specifically, I would like to at least see an option to delete a file that I have uploaded. You can try NoFile.io here.
     Article source
  4. The news comes after the activist email service revealed it complied with two warrants related to users suspected of criminal activity.
     Late last year, popular activist-focused email service Riseup failed to update its warrant canary. At the time, no additional information was provided. But the move raised suspicion, as warrant canaries are cryptographically signed messages that, when not updated per an expected schedule, are intended to warn users that a company or service is facing some sort of legal battle, but is also under a gag order and can't address it publicly.
     On Thursday, Riseup clarified what happened. The FBI had served two warrants onto Riseup, which the service complied with. In response, Riseup said it is now implementing encrypted storage so it won't be in a position to hand over useful data again.
     "After exhausting our legal options, Riseup recently chose to comply with two sealed warrants from the FBI, rather than facing contempt of court (which would have resulted in jail time for Riseup birds and/or termination of the Riseup organization)," a Riseup statement reads. ("Riseup birds" are volunteers that help maintain the service.)
     To be clear, those warrants did not relate to activism. According to Riseup, the first concerned the contact email address for a DDoS extortion ring, and the second was related to a ransomware campaign.
     "Extortion activities clearly violate both the letter and the spirit of the social contract we have with our users: We have your back so long as you are not pursuing exploitative, misogynist, racist, or bigoted agendas," Riseup's statement continues.
     Riseup was unable to inform its users of the warrants because of related gag orders, although it did say in a November 2016 interview with The Intercept that the case did not concern a National Security Letter—controversial legal demands for data that the FBI often uses.
     Regardless, this event has inadvertently shown that Riseup's warrant canary was perhaps not phrased in the best way. "A Canary is supposed to signal important risk information to users, but there is also danger in signaling the wrong thing to users or leading to general fear and confusion for no good reason," the statement adds. Now, the canary has been tweaked to only apply to "significant events that could compromise the security of Riseup users."
     Most importantly, Riseup is now going to store user emails in such a way that, theoretically, even the service's administrators won't be able to read their contents. "Starting today, all new Riseup email accounts will feature personally encrypted storage on our services, only accessible by you," the statement reads.
     This isn't end-to-end encryption: your data may still be read if intercepted in transit. But it should protect user emails if a server is physically seized, or if Riseup is legally compelled to hand over info.
     By Joseph Cox
     https://motherboard.vice.com/en_us/article/riseup-will-encrypt-all-emails-to-prevent-fbi-searches
  5. FileZilla Secure FTP Client is a fork of the popular FTP program for Windows and other devices that improves security by adding master password support.
     FileZilla is a great cross-platform FTP client that is offered as a client and server version. The software is open source, and provides you with an impressive set of features. The program supports more than just FTP though, as you can use it for FTPS and SFTP on top of that as well. Check out our review of FileZilla for a feature rundown and additional information.
     One of the shortcomings of FileZilla, at least according to some of its users, is that saved accounts and connection data are not protected. This means that anyone with access to the computer may look up, copy or transfer the information.
     The camp that is against adding master password protection argues that all is lost if someone gains unauthorized access to the PC. The proponents of master password protection argue that more protection, optional in this case, can never be a bad thing.
     FileZilla Secure FTP Client
     The author of FileZilla Secure decided to take matters into his own hands after attackers managed to steal FileZilla login information from his computer. FileZilla Secure is in most regards an exact copy of the FileZilla client. You may use it for the same purpose as FileZilla. In fact, there are only two differences to FileZilla.
     You will notice the first right on first start of FileZilla Secure, as you are asked to enter a new master password. This master password is used to encrypt the stored FTP login details on the local system. As is the case with all master passwords, there is no option to reveal it once it has been set. This means that you will lose access to the FTP database if you forget the password.
     You are prompted to enter the master password set on first run whenever FileZilla Secure is started. The dialog offers an option to change the master password should you want to change it. All login information is stored in the encrypted file filezilla.dat.
     FileZilla Secure ships with another difference: the author has increased the maximum number of transfer threads to 1000. This enables users of the software to increase the number of threads beyond the hard coded 10 of FileZilla.
     Closing Words
     FileZilla Secure is a fork of FileZilla that improves security by adding master password support. It may also improve downloads provided that servers support more than ten simultaneous download threads. The program is an alternative to FileZilla, especially for users who want more security. It remains to be seen whether the program is updated regularly by its author and how fast that happens though.
     FileZilla Secure FTP Client
     Article source
  6. You’ve heard us talk extensively about the importance of moving the web to HTTPS – the encrypted version of the web’s HTTP protocol. Today, CDT is releasing a one-pager aimed toward website system administrators (and their bosses!) that describes the importance of HTTPS. The very short version of our argument is as follows:
       • Without HTTPS, ISPs and governments can spy on what your users are doing;
       • Using HTTPS prevents malicious actors from injecting malware into the traffic you serve;
       • You already need HTTPS to do payments if you accept money;
       • Without HTTPS, ISPs can strip out your ads/referrals and add their own;
       • Without HTTPS, your website cannot utilize HTTP/2 for optimal performance;
       • Without HTTPS, you can’t use the latest web features that require HTTPS (e.g., geolocation); and
       • Without HTTPS, you can’t know if your users received important resources like your terms of service and privacy policy without modification.
     At CDT we’ve been looking into ways to motivate increased HTTPS adoption, which is now at well over half of all web requests. However, the amount of unencrypted HTTP is still massive, and there are a lot of large websites that do not use HTTPS. Enter Google’s transparency report, which recently added a section that tracks HTTPS adoption on the top 100 websites. It assesses sites in terms of three factors: do they support HTTPS, do they do so by default, and do they use modern cryptography. Many major sites like Facebook, Google, and Wikimedia have made the switch. One wrinkle emerges from Google’s report quite clearly: the two big industry sectors not doing so hot in terms of HTTPS are news sites and the adult entertainment industry.
     If you are a sysadmin at a top-100 adult site, allow us to help you navigate the switch to a more secure web for your users.
     To that end, we are excited to announce a partnership to increase HTTPS adoption for online adult entertainment. Over the coming months, CDT will work with the Free Speech Coalition (FSC) – the trade association for the adult entertainment industry – and other HTTPS evangelists to engage with adult website operators and make the case that we make here: HTTPS is the best of all worlds in terms of protecting traffic online and delivering the best experience for users. We plan to conduct a series of webinars and outreach events in partnership with FSC to reach their large network of members. If you are an adult website operator who has questions we can answer, please don’t hesitate to reach out to us or the folks at FSC.
     As Google’s transparency report exposed, adult websites are moving slowly; large adult websites seem to overwhelmingly use plain HTTP, or serve ads over plain HTTP. The few adult websites in the top-100 that scored well in Google’s metrics were “cam” sites – websites that facilitate remote adult interactions via real-time video chat between two individuals. That seemed intuitive; all the other top-100 adult sites were focused on one-way broadcast of adult videos, images, etc., rather than two-way real-time communication, which could be exceedingly more sensitive than passive consumption of adult content.
     There is some good news for adult entertainment sites in terms of how difficult it might be to switch to HTTPS. Princeton researchers Steven Englehardt and Arvind Narayanan published research earlier this year that, in part, showed adult websites have many fewer trackers than news sites. One of the biggest factors in slow adoption by news sites of HTTPS was the complexity of their ad infrastructure and website analytics; they had to track down every single instance of an insecure page element being sent and work with their partners to correct that behavior. So, perhaps the adult industry won’t face the same barriers to HTTPS adoption that journalism has faced?
     A more secure Web is in all of our interests
     Even with the challenges, there has been some good movement from news sites recently: The Washington Post, Wired, ProPublica, TechCrunch, and Buzzfeed are great examples of news properties that have all moved to HTTPS (Zack Tollman at Wired has gone so far as to document the process and various snags they’ve run into during their move to HTTPS).
     A more secure Web is in all of our interests – and that includes every corner, from news sites to the more private parts. We look forward to working with diverse organizations, including the Free Speech Coalition, to increase HTTPS adoption and improve all of our security as we interact online.
     Article source
  7. Ransomware has become a big problem in recent years, particularly crypto-ransomware, which encrypts data on users' systems. New research by Kaspersky Lab looking at how it’s evolved over the last two years points to just how big. Among the findings are that the number of users attacked with crypto-ransomware rose 5.5 times, from 131,111 in 2014-2015 to 718,536 in 2015-2016. The total number of users encountering any type of ransomware between April 2015 and March 2016 also increased by 17.7 percent compared to the period April 2014 to March 2015. The share of users encountering ransomware at least once as a proportion of the total number of users encountering malware rose 0.7 percentage points, 2014-2015 and 2015-2016. The study also shows that the United States, Germany, and Italy are the countries with the highest percentage of users attacked with encryption ransomware. "The biggest problem with crypto-ransomware today is that sometimes the only way to get the encrypted data back is to pay the criminals, and victims tend to pay. That brings a lot of money into the underground ecosystem that has grown up around this malware, and as a result we are seeing new cryptors appear almost daily," says Fedor Sinitsyn, senior malware analyst at Kaspersky Lab. "Companies and regular users can protect themselves by implementing regular backups, using a proven security solution and keeping themselves informed about current cybersecurity risks. The ransomware business model seems to be profitable and safe for criminals, and the security industry and users can change that just by implementing these basic measures". Kaspersky offers a number of tips for consumers to protect themselves, including using a reliable security solution, making sure the software on your machine is kept up to date, and taking regular backups. More detailed information on the findings is available on the Kaspersky website. Article source
  8. Four U.S. lawmakers concerned with measures being considered in California and New York
     House bill would prevent patchwork of state laws banning smartphone encryption
     Four bipartisan members of Congress introduced legislation this week to preempt a potential patchwork of state and local government laws banning encryption on smartphones.
     The measure, called the ENCRYPT (Ensuring National Constitutional Rights for Your Private Telecommunications) Act of 2016, is intended to ensure a uniform national policy for encryption technology, according to a statement from the lawmakers.
     U.S. Rep. Ted W. Lieu (D-Calif.) joined Reps. Blake Farenthold (R-Texas), Suzan DelBene (D-Wash.) and Mike Bishop (R-Mich.) in sponsoring the measure. The lawmakers are worried initially about bills sponsored by state legislators in California and New York that would ban encryption on any smartphone sold in their states.
     Encryption is used on many smartphones, including recent iPhones and Android phones, and is designed to protect a user’s personal data, such as private financial and health information, from snooping eyes. A decryption key is needed to open encrypted data, and that key is not typically available to smartphone makers and is only available to the phone user, often through a passcode. As a result, smartphone makers like Apple have told intelligence officials, the FBI and others that they cannot decrypt data on the latest smartphones, which are protected by full-disk encryption.
     The ENCRYPT bill arrived as FBI Director James Comey and others have tried to persuade tech giants to share encrypted data, especially on smartphones, to help them investigate crimes and terror attacks. Comey told the Senate Intelligence Committee on Tuesday that a phone used by one of the terrorists in the San Bernardino, Calif., shootings is still encrypted and cannot be hacked. He also said a woman killed in Louisiana last April used an encrypted iPhone that could provide clues to her killer.
     The proposals in New York and California, if passed, would require manufacturers of encrypted smartphones to enable decryption of data on the phones made after 2017.
     “A patchwork of 50 different encryption standards is a recipe for disaster that would create new security vulnerabilities, threaten individual privacy and undermine the competitiveness of American innovators,” Lieu said in a statement. “It is bad for law enforcement, bad for technology users and bad for American technology companies. National issues require national responses. The ENCRYPT Act makes sure this conversation happens in a place that does not disrupt interstate commerce.”
     Trade groups including Information Technology Industry Council and Internet Association and Internet Infrastructure Coalition quickly endorsed the ENCRYPT measure.
     New York Assemblyman Matthew Titone introduced a bill in June to block encrypted smartphones in that state. California Assemblyman Jim Cooper introduced a similar bill affecting smartphones sold in California in January. Both legislators are Democrats.
     SOURCE
  9. A security vulnerability affecting 16 companies worldwide, including Air Canada, the CN Tower, and the San Diego Zoo, has potentially revealed the unencrypted credit card data of hundreds of thousands of customers, according to a report by threat detection firm Wandera.
     The vulnerability, which Wandera dubbed "CardCrypt," comes after a failure of companies to effectively encrypt their customers' credit card data. The 16 global companies, including numerous airlines, failed to effectively encrypt traffic to the payment portion of their websites and apps.
     According to Wandera, the 16 affected companies - which are listed below - serve a combined 500,000 customers a day, meaning information on hundreds of thousands of credit cards may have been exposed over the course of the vulnerability.
     The 16 companies currently affected by the security vulnerability are:

     | Company                | Country   | Industry            |
     |------------------------|-----------|---------------------|
     | easyJet                | UK        | Air Travel          |
     | Aer Lingus             | Ireland   | Air Travel          |
     | Chiltern Railways      | UK        | Rail Travel         |
     | Dash Card Services     | UK        | Parking Services    |
     | KV Cars                | UK        | Taxi Services       |
     | PerfectCard.ie         | Ireland   | Gift Cards          |
     | 1Robe.fr               | France    | Weddings & Bridal   |
     | Oui Car                | France    | Taxi Services       |
     | San Diego Zoo          | US        | Zoo                 |
     | Air Canada             | Canada    | Air Travel          |
     | CN Tower               | Canada    | Tourist Destination |
     | American Taxi          | US        | Taxi Services       |
     | Hotwire Communications | US        | Broadband/Telecom   |
     | Tribeca Med Spa        | US        | Health & Wellness   |
     | AirAsia                | Malaysia  | Air Travel          |
     | Sistic                 | Singapore | Events & Ticketing  |

     Although it is currently unknown whether any credit card information has been accessed by an unauthorized third party, customers of the aforementioned companies should take steps to secure their information, including potentially cancelling any affected credit cards and monitoring their accounts for any suspicious activity.
     Wandera says the breach may have compromised information including credit card numbers, CVVs, passport details, vehicle registration information, email addresses, billing address, and phone numbers.
     Wandera has called on all affected companies to implement proper security protocols and encryption in their services. Chiltern Railways, the San Diego Zoo, CN Tower, Aer Lingus, easyJet, and Air Canada have confirmed that they have resolved the issue and fixed their security vulnerabilities.
     Source: Wandera
     Article source
  10. Cross-signatures in hand, free cert authority is ready to roll
     Let's Encrypt has announced that it's received cross-signatures from IdenTrust. The free-certificates-for-all venture, set up by researchers, the EFF, and a bunch of supporting vendors, says the cross-signatures mean the major browsers can now receive Let's Encrypt certificates without throwing an error.
     The cross-signatures apply to the organisation's Let's Encrypt Authority X1 and Let's Encrypt Authority X2 intermediate certificates. With browser support, visiting the Let's Encrypt demonstration at https://helloworld.letsencrypt.org/ no longer throws an “untrusted” error in Mozilla, IE, Safari, Chrome and the like.
     The next step will be getting Web server admins to configure their systems to serve the cross-signature certificate. That's not a problem, the group says. “Almost all server operators will choose to serve a chain including the intermediate certificate with Subject 'Let’s Encrypt Intermediate X1' and Issuer 'DST Root CA X3',” the group writes. “The official Let’s Encrypt software will make this configuration seamlessly.”
     Let's Encrypt was set up by Mozilla, Cisco, IdenTrust, Akamai, researchers from the University of Michigan, the Internet Security Research Group and the Electronic Frontier Foundation.
     Source